
How a Holistic Approach to Cybersecurity Can Reduce Your Risk

Jul 11, 2017 | Milestone | Network Services

As traditional offices continue to be eschewed for virtual offices, telecommuting, and online collaboration tools, IT infrastructures are becoming increasingly exploitable. This kind of exploitability is apparent in the massive data leaks, unprecedented Distributed Denial of Service (DDoS) attacks, prolific and powerful malware, and data ransoming that have recently plagued major companies throughout the world.

Yet, how do enterprises ensure that their users, customers, and data are all protected? To get to the heart of this question, one must first understand what compromises traditional security technology and dissect the reasons why these security measures are failing. Without comprehending the reasons for failure, businesses cannot reliably invest in security technology that will ensure the integrity and confidentiality of their systems and data.

What is Security Technology?

Broadly, security technology is the hardware and software that is designed to detect, track, and ultimately stop exploitable vulnerabilities or malicious content from affecting a business's networks, servers, and user endpoints, such as network-capable devices like laptops, cell phones, and tablets. Businesses have traditionally relied on various components like firewalls, proxy servers, encryption/decryption modules, and antivirus software to protect their IT systems from intrusion or misuse. However, this technology is only as valuable as it is effective: its worth to any business is directly tied to its ability to prevent malicious content. Effectiveness for security technology can be measured in the following ways:

Performance: how well the technology delivers the core security function(s) it is intended to perform.
Persistence: the technology’s ability to prevent attackers and users from bypassing it completely.
Flexibility: how readily the technology can evolve to accommodate and protect new applications, systems, and platforms.[1]

Unfortunately, with the proliferation of virtual offices, increasingly complex applications, and the evolving sophistication of hackers, businesses find themselves more exploitable as their hardware and software struggle to adapt and perform effectively—but why?

Challenging Traditional Security Technology

The typical components of an enterprise's security technology are continuously rendered irrelevant for two primary reasons: the increasing complexity of business-critical applications in the workplace and traditional technology's inability to predict or recognize the ever-changing strategies of attackers.

While the second may seem obvious, the first is often overlooked. As more people work remotely and more business-critical information moves to the cloud, applications that allow instant messaging or peer-to-peer file sharing become necessary for employees to perform their jobs. These applications already present significant cybersecurity challenges, but their exploitability is compounded as the complexity of these applications' capabilities continues to grow—and all of this puts significant strain on an enterprise's firewalls.[2] Applications that utilize non-standard ports or complex encryption, or that are readily capable of port hopping, critically challenge the configuration of a business's firewall and ultimately reduce its ability to differentiate between innocuous and malicious content.
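The firewall problem described above can be seen by comparing a port-based view of traffic with a payload-based one. The following is an added example, not code from the original article or from any vendor; the flow records are constructed and all names (`Flow`, `classify_by_port`, `classify_by_payload`, `mismatches`) are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    dst_port: int
    first_bytes: bytes  # first payload bytes sent by the client

# Port-based policy: what a traditional firewall assumes each port carries.
PORT_APP = {22: "ssh", 80: "http", 443: "tls"}
HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")

def classify_by_port(flow):
    return PORT_APP.get(flow.dst_port, "unknown")

def classify_by_payload(flow):
    """Identify the protocol from its opening bytes, regardless of port."""
    b = flow.first_bytes
    if b.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 0x03
    if len(b) >= 3 and b[0] == 0x16 and b[1] == 0x03:
        return "tls"
    # BitTorrent handshake: length byte 19 followed by the protocol string
    if b.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    if b.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"

def mismatches(flows):
    """Return (port, app_by_port, app_by_payload) where the two views disagree."""
    out = []
    for f in flows:
        by_port, by_payload = classify_by_port(f), classify_by_payload(f)
        if by_port != by_payload:
            out.append((f.dst_port, by_port, by_payload))
    return out

# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    Flow(443, b"\x16\x03\x01\x02\x00\x01"),      # TLS on its usual port
    Flow(80, b"GET /index.html HTTP/1.1\r\n"),   # HTTP on its usual port
    Flow(443, b"SSH-2.0-OpenSSH_7.4\r\n"),       # SSH carried on port 443
    Flow(8443, b"\x16\x03\x03\x00\x50\x01"),     # TLS on a non-standard port
    Flow(51413, b"\x13BitTorrent protocol"),     # P2P on a high port
]

if __name__ == "__main__":
    for port, by_port, by_payload in mismatches(SAMPLE_FLOWS):
        print(f"port {port}: port rule says {by_port}, payload says {by_payload}")
```

The first two flows agree under both views; the other three are the cases a port-only rule set either mislabels or cannot label at all. Payload inspection of this kind sees only the outer protocol, which is why the article also lists decryption as a firewall requirement.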

Additionally, the virtualization of the workspace has created significant security gaps for endpoints, especially as the technology available to hackers becomes more sophisticated. For endpoints, there are two primary attack vectors: vulnerabilities and malware.

Vulnerabilities

Any kind of flaw in a system or other legitimate application that provides an attacker with an avenue to deploy malware.

Malware

Any kind of malicious or intrusive software—like spyware, viruses, and worms—designed to inflict damage to devices, people, or data.

So, hackers look for vulnerabilities to exploit within an enterprise's system to deposit malware that will adversely affect its network, users, and/or data. Even a single unsecured endpoint—like an internal asset or an outside contractor's laptop—can present a significant, exploitable vulnerability to the security of a business's entire IT infrastructure.

Enterprises have often relied on traditional, signature-based antivirus scanning software to bear the brunt of endpoint protection. Yet, many attackers currently have access to cloud-based encoding and multi-scanning tools that automate their attacks and almost guarantee a bypass of traditional security. These tools can identify when certain attack approaches are being stopped by certain security measures, and autonomously identify and deploy attack vectors—or variants in vulnerabilities and malware—that can circumvent them. These tools allow hackers to seamlessly identify the scope of a business's antivirus capabilities and introduce malicious content that the software has never seen before, and thus cannot detect.[1] To complicate this issue, remote employees and virtual offices have effectively introduced a continuously exploitable environment.

Approaching Security Holistically

Hackers have proven that they can circumvent individual security components too easily, so enterprises need to look beyond these individual components to a holistic security platform that safeguards businesses by integrating all elements into a complex and interconnected system. This enables enterprises to achieve the most critical function of next generation security management: managing the unknown. While there is a plethora of options currently available, key features of a truly holistic platform include:

Machine Learning: which facilitates instantaneous assessment of executable files before they are allowed to run. Increasingly, programs that support machine learning or artificial intelligence can rapidly increase the adaptability and performance of security protocols.
Malware Inspection and Analysis: to truly combat the constantly-evolving malware flooding the internet, security platforms must be able to rapidly detect and analyze previously unknown malware and work in conjunction with other technology to remove it just as quickly.
Advanced Firewalls: which must be capable of operating on non-standard ports or port hopping to force firewall protocols where they may have been previously circumvented. Additionally, these firewalls must have advanced decryption capabilities, and be able to protect your network against existing and unknown vulnerabilities across all applications—especially cloud applications.
Advanced Endpoint Protection: that replaces legacy antivirus with protection technology that utilizes a multi-method approach for curbing malware while creating and growing a log of threats, as they are encountered, thereby ensuring rapid and efficient responses.

Of course, the key to an effective, holistic security platform is integration. Each component of your enterprise's security system must work in conjunction with, and build off the functions of, the other components to create a comprehensive, unified front. This way, hackers will no longer be able to attack singular components of a business's security infrastructure individually, which goes a long way to ensure the continual safety of its IT infrastructure. To learn more about the benefits of next-generation security technology, consult Palo Alto Networks' cybersecurity whitepaper.

[1] Protect Yourself from Antivirus
[2] 10 Things Your Next Firewall Must Do
